We would like to place cookies on your computer to help us make this web site better. By clicking onto another page on this web site you agree that cookies will be used. If you wish to change your settings please refer to our Privacy and Cookie Statement

Bleiben Sie auf dem Laufenden mit First Data

Binding Corporate Rules

PLEASE NOTE: First Data was recently acquired by Fiserv. The change in corporate ownership does not impact the applicability of the Binding Corporate Rules, which remain in force relating to the activities of companies listed in the documents posted below. The contents of this page, and of the BCRs themselves, will be updated when appropriate. Should you have any queries or concerns about the BCRs, as to their continued effectiveness or otherwise, please contact dpo@firstdata.com.

Binding Corporate Rules (BCRs) express our commitment to data protection at First Data. BCRs are a legally binding agreement with the Data Protection Authorities of the EU member states to uphold standards of data protection in connection with providing services to our data subjects (individuals) and clients. BCRs facilitate First Data’s transfer of Personal Data internationally to our global affiliates in compliance with EU data protection law.

The EU currently recognizes two kinds of BCRs: Controller BCRs and Processor BCRs. Our Controller BCRs enable us to transfer Personal Data that we control (for example, employee information) within First Data globally. Processor BCRs enable us to make global transfers of personal data that we process on behalf of our clients from the EU to other First Data locations. First Data is one of very few groups of companies to have obtained approval for both Controller BCRs and Processor BCRs.

BCRs provide confidence to First Data employees, clients, data subjects (individuals), and end-consumers that their Personal Data is being processed using legally binding standards. BCRs offer a competitive advantage over other processors without this approval.

BCRs do not override client contracts or local laws and regulations, so any restrictions contained in those documents and laws still apply.

Additional information can be found within the following documents, which are posted below:

A copy of both our processor and controller BCRs

A listing of the First Data entities that have executed intra-group agreements (IGAs)